Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c328b0f3913a4eaa09445cd341c18e03f4aa4dc83479c46678241c8e5c884b29

  • Size

    880KB

  • Sample

    230322-kjge3ahg4v

  • MD5

    9e14dec995887863a704ab32453fa5f6

  • SHA1

    b3552d0e99bde52f2a1041040d741919397b2c35

  • SHA256

    c328b0f3913a4eaa09445cd341c18e03f4aa4dc83479c46678241c8e5c884b29

  • SHA512

    9b96074fabd0bae4a87e258f2f1427e73f7b8cecf14d9ea216862c1b80c3d3f90afc2c46ca50b69ac4e18d08af15756787737020cdd24c6e7619e26d35b99fbc

  • SSDEEP

    6144:LQuiA1RTz/cYja2ieb5YbF5R+Jn8xH97r7Fh1d43wUmDm:nz/9ja2ieFYp5R+I7zY

Score
10/10
pseudomanuscryptloader

Malware Config

Targets

    • Target

      c328b0f3913a4eaa09445cd341c18e03f4aa4dc83479c46678241c8e5c884b29

    • Size

      880KB

    • MD5

      9e14dec995887863a704ab32453fa5f6

    • SHA1

      b3552d0e99bde52f2a1041040d741919397b2c35

    • SHA256

      c328b0f3913a4eaa09445cd341c18e03f4aa4dc83479c46678241c8e5c884b29

    • SHA512

      9b96074fabd0bae4a87e258f2f1427e73f7b8cecf14d9ea216862c1b80c3d3f90afc2c46ca50b69ac4e18d08af15756787737020cdd24c6e7619e26d35b99fbc

    • SSDEEP

      6144:LQuiA1RTz/cYja2ieb5YbF5R+Jn8xH97r7Fh1d43wUmDm:nz/9ja2ieFYp5R+I7zY

    Score
    10/10
    pseudomanuscryptloader

    • Detects PseudoManuscrypt payload

      loader

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • PseudoManuscrypt

      PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.

      loaderpseudomanuscrypt

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks